lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130307015553.GA5495@localhost.localdomain>
Date:	Wed, 6 Mar 2013 20:55:53 -0500
From:	Andrew Shewmaker <agshew@...il.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	alan@...rguk.ukuu.org.uk, simon.jeons@...il.com,
	ric.masonn@...il.com
Subject: Re: [PATCH v5 1/2] mm: limit growth of 3% hardcoded other user
 reserve

On Tue, Mar 12, 2013 at 04:01:36PM -0700, Andrew Morton wrote:
> On Wed, 6 Mar 2013 18:52:01 -0500 Andrew Shewmaker <agshew@...il.com> wrote:
> 
> > Add user_reserve_pages knob.
> > 
> > Limit the growth of the memory reserved for other user
> > processes to min(3% current process, user_reserve_pages).
> > 
> > user_reserve_pages defaults to min(3% free pages, 128MB)
> > I arrived at 128MB by taking that max VSZ of sshd, login, 
> > bash, and top ... then adding the RSS of each.
> > 
> > This only affects OVERCOMMIT_NEVER mode.
> 
> Can we have a more complete changelog, please?  One which describes, at
> great length, *why* we're doing this.  Describe the problems you
> observed, the possible means of addressing them, why this means is
> considered best, etc.
> 
> Also, there has been considerable discussion over this patchset and it
> is good to update the changelogs to reflect that discussion.  Partly
> because other people will be asking the same questions when they see
> the patches and partly so that reviewers can understand how earlier
> objections/suggestions were addressed.  Assume that your audience
> has not read this email thread!
> 
> From a quick read of the code, it appears that the root-cant-log-in
> problem was addressed by simply leaving it up to the administrator,
> yes?  If the administrator sets user_reserve_pages or
> admin_reserve_pages to zero then they risk hitting the root-cant-log-in
> problem, yes?  If so then I guess this is an OK approach, but we should
> clearly describe the risks in the documentation.
> 
> Finally, I am allergic to exported interfaces which deal in "pages". 
> Because PAGE_SIZE can vary by a factor of 16 depending upon config (ie:
> architecture).  The risk is that a setup script which works nicely on
> 4k x86_64 will waste memory when executed on a 64k PAGE_SIZE powerpc
> box.  A smart programmer will recognize this and will adapt the setting
> using getpagesize(2), but if we define these things in "bytes" rather
> than "pages" then dumb programmers can use it too.

I'll get right on a version with an interface that uses kbytes, and 
I'll put a lot more detail in the changelog. I'll also document how 
I'm testing.

As long as  admin_reserve_pages is set to at least 8MB for 
OVERCOMMIT_GUESS or above 128MB for OVERCOMMIT_NEVER, I was able to 
log in as root and kill processes. The root-cant-log-in problem 
cannot be hit if user_reserve_pages is set to 0 because that 
reserve only exists in OVERCOMMIT_NEVER mode.

Should I enforce a minimum for the admin reserve? 8MB/128MB for the 
overcommit guess/never modes? I was hesitant to do that since my 
numbers are based a full-featured distro's versions of login, bash,
etc. A more svelte distro based on BusyBox might want different 
minimums.

I have a question concerning the variable names. Might a person 
looking at the source be confused why admin_reserve_kbytes and 
user_reserve_kbytes are not included in totalreserve_pages? Should 
I use a word other than "reserve" in the names, like "safetynet"? 
I can't think of anything better. Maybe it isn't a concern, but 
I didn't want to cause confusion.

Thanks for the feedback!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ